
CuteFTP 5.0 XP, Buffer Overflow

by Nikola Strahija on January 19th, 2003

Buffer Overflow In CuteFTP 5.0 XP.

By Me, Lance Fitz-Herbert (aka phrizer).
September 4th, 2002

Vulnerable Applications:
Tested On CuteFTP 5.0 XP, build
Others could be vulnerable...

This could allow arbitrary code to be executed on the remote victim's machine, if the attacker is successful in luring a victim onto his server.

When a FTP Server is responding to a "LIST" (directory listing) command, the response is sent over a data connection. Sending 257 bytes over this connection will cause a buffer to overflow, and the EIP register can be overwritten completely by sending 260 bytes of
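
The check below is an added example, not code from the advisory or from CuteFTP: a client-side routine that splits LIST data received on the data connection into lines and refuses any line that would not fit a fixed buffer. The 256-byte buffer size is an assumption inferred from the 257-byte figure above, and all names and the sample listing are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define LIST_LINE_MAX 256  /* assumed buffer size (inferred from the 257-byte figure) */

/* Counters for one chunk of data-connection bytes. */
struct list_stats {
    size_t accepted;   /* lines copied into the fixed buffer */
    size_t rejected;   /* lines dropped because they would not fit */
};

/* Copy one line into dst only if it fits together with its terminating NUL.
 * Returns 0 on success, -1 if the line is too long (dst is left untouched). */
static int copy_line_bounded(char dst[LIST_LINE_MAX], const char *src, size_t n)
{
    if (n >= LIST_LINE_MAX)
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split server-controlled LIST data on '\n' and bounds-check every line.
 * last_line receives the most recently accepted line. */
struct list_stats scan_listing(const char *data, size_t len,
                               char last_line[LIST_LINE_MAX])
{
    struct list_stats st = {0, 0};
    size_t start = 0;
    last_line[0] = '\0';
    while (start < len) {
        const char *nl = memchr(data + start, '\n', len - start);
        size_t end = nl ? (size_t)(nl - data) : len;
        size_t n = end - start;
        if (n > 0 && data[end - 1] == '\r')
            n--;                       /* strip the CR of a CRLF pair */
        if (copy_line_bounded(last_line, data + start, n) == 0)
            st.accepted++;
        else
            st.rejected++;             /* over-long line: drop it, never overrun */
        start = end + 1;
    }
    return st;
}

int main(void) {
    char line[LIST_LINE_MAX];          /* constructed sample listing below */
    const char *s = "-rw-r--r-- 1 u g 10 Jan 01 00:00 a.txt\r\n";
    return scan_listing(s, strlen(s), line).rejected != 0;
}
```

The length of every line comes from the server, so the comparison against the buffer size has to happen before the copy, and a client can treat a non-zero `rejected` count as a reason to drop the connection.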

Vendor Status:
Contacted GlobalSCAPE Jan 14th 2003. After a couple of emails back and forth within a few days, they confirmed the problem, and said they are working on a release for Monday (20th Jan, 03) which will address the issue.

Upgrade to the new version, which should be available from Monday (20th Jan, 03).

Not released.
